Add section on dependency management

We don't currently have guidance on best practices of dependency management. In Python, there are several approaches one can take, including:

1. frozen versions for everything
2. frozen or compatible problem modules, the rest to a compatible version
3. frozen or compatible problem modules, the rest are undefined
4. all undefined, let God do the sorting

More than one of these may be appropriate. One might, for example, have a test pipeline with undefined versions to test the latest packages, or choose freezing everything to archive a project in a known working state. I don't know about Node but I imagine there are similar issues there.